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1)[X] Responsive to communication(s) filed on 25 March 2004 . 
2a)Q This action is FINAL. 2b)[X] This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
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6) D Claim(s) is/are rejected. 
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Application Papers 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 

1 . Claims 1-25 have been examined. 

Priority 

2. Acknowledgment is made of applicant's claim for foreign priority based on an 
application 2434276, filed in Canada on 7/3/03. 

Drawings 

3. The drawings are objected to under 37 CFR 1 .83(a). The drawings must show 
every feature of the invention specified in the claims. Therefore, "configuring said 
each resource to query said password registry to determine the existence of an 
associate encrypted password" must be shown or the feature(s) canceled from the 
claims 6 and 20. (In fact, the specification suggest that front end processes, and not 
"each resource", that "query said password registry to determine the existence of an 
associated encrypted password".) Similarly, "an output for transmitting said 
unencrypted user-specified password to a process associated with said one of said 
resources for encryption at said process" and "an input for receiving said encrypted 
password from said process" is not disclosed in any figure. 

No new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply 
to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. The 
figure or figure number of an amended drawing should not be labeled as "amended." 
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If a drawing figure is to be canceled, the appropriate figure must be removed from 
the replacement sheet, and where necessary, the remaining figures must be 
renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be 
necessary to show the renumbering of the remaining figures. Each drawing sheet 
submitted after the filing date of an application must be labeled in the top margin as 
either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1 .121 (d). If the 
changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to 
the drawings will not be held in abeyance. 

Claim Objections 

"Said each resource" in claim 1 lacks antecedent basis. 

Also, it appears that "in the absence of an associated encrypted password" (claims 6 
and 20) should read "in the absence of said associated encrypted password" 
Appropriate correction is required. 

Claim Rejections • 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



4. 

5. 



Application/Control Number: 10/809,563 Page 4 

Art Unit: 2134 

The claimed invention as recited in claims 15-25 are directed to non-statutory subject 
matter. The claim limitations are directed towards software related entities (e.g. 
registry, processes etc.) and software must at least be implemented on the computer 
•readable medium in order to meet the statutory requirements. 

Claim Rejections ■ 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 1-25 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
that applicant regards as the invention. 

7. In claims 1 1 and 24, the term "password" lacks antecedent basis. 

8. The term: a "user-specified password", used in claims 1-25, is ambiguous. It is not 
clear whether applicant attempts to limit the subject matter to passwords selected by 
users or to passwords issued to specific users. Although the specification does not 
provide a clear definition, it appears that the term is directed towards passwords 
selected by users, and for purposes of further examination the phrase is treated as 
such. However, applicant should amend the claim language in order to clearly 
articulate metes and bounds of the claim limitation. 

9. It is also not clear, whether (e.g. claim 1) it is an unencrypted user-specified 
password or a process that is associated with said each resource. 
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10. The phrase: "user-specified password is unknown to said password registry" is not 
understood. Registry is not a person and it is not clear how it "can know" or "not 
know" the user-specified password. For purpose of the further examination the 
phrase is treated as meaning that the registry does not store an unencrypted form of 
the password. 

1 1. Claims 22-25 include means plus function but the specification does not clearly 
disclose what constitutes of the means. In the response applicant should clearly 
identify each means disclosed in claims or amend the claim language. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

1. Claims 1-3, 8-10 and 22-25 are rejected under 35 U.S.C. 102(a) as anticipated by 
Kao (USPUB 2002/0122553). 

Kao discloses managing a user's password for a plurality of resource using a 
password registry associated with the user (See Fig 3B, for example). 

2. As per claims 1, 8, Kao discloses encrypting an unencrypted user-specified 
password at a process associated with the each resource, and storing the encrypted 
password in the unencrypted user-specified password unknown to the password 
registry [0041-0044, 0047, 0049 etc.]. 

3. As per claims 2-3, Kao discloses associating with each encrypted password at least 
one piece of identifying information including at least one of a user, a resource 
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hostname, and a resource type stored with the encrypted password (Fig. 4, and 
[0043], for example). 

4. As per claim 9, server 210 (e.g. Fig. 2A), which Kao discloses to be utilized by an 
administrator and running a UNIX or Windows NT [0007], reads on a workstation. 

5. Fig. 2A discloses the limitation of claim 12. 

6. Claims 1 1 , 22-25 are substantially similar to claims 1 -3 and 8. Thus, claims 11,22- 
25 are similarly rejected. 

Claim Rejections - 35 USC § 102 or 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 4-5, 11-19 are rejected under 35 U.S.C. 102(b) as anticipated by or, in the 
alternative, under 35 U.S.C. 103(a) as obvious over Kao (USPUB 2002/0122553). 
As per claims 13 it is clear that Kao's invention use software (e.g. Windows NT 
[0042]) to offer discussed functionalities and software programs implemented in a 
computer readable medium (e.g. a computer hard drive), in particular the object 
oriented Windows) use set of process code modules to accomplish desired tasks. 
Furthermore, even if Kao's invention would not disclose implementing the discussed 
tasks using code. One would have been motivated to use the computer code 
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especially in light of the benefits of computer code use as evidenced by the 
commercial success. 

9. As per claims 15-17, in the broadest reasonable interpretation, the registry could be 
considered to be a computer code (set of process modules run on the workstation 
implementing Windows NT, for example), and an ordinary artisan would readily 
recognize that in order for the process module (code) to perform a particular function 
on data that includes a variable (e.g. password), the particular variable must be 
passed to the process. It is clear that a process receiving an input data in Kao's 
invention, would have to passed the data for manipulation (e.g. when password is 
checked for validity), and outputs data (e.g. the password is determined to be 
valid/found not valid/not found). These processes handling the receipt or output of 
data read on input/output. Thus, implementing the steps of the discussed above 
method (e.g. in reference to claim 1) using a program code process modules reads 
on limitations of claim 15. 

(The examiner includes Savitch reference to illustrate the fundamentals of 
parameters input and output.) 

10. As per claims 4, 18, Kao discloses retrieving a user-specified password from a 
registry. Although retrieving a variable from a registry (database) inherently utilize a 
query key (see Fig.4 and associated text), Kao is silent regarding at least one of 
said user ID, and resource hostname, and said resource type as a query key to 
uniquely identify. However, the limitation, if not inherent is at least obvious. An 
ordinary artisan would readily recognize that in order to query a database (registry), 
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a unique query key must be used. The ordinary artisan would recognize that, as 
shown in Fig. 2, at the user ID (User A, for example), uniquely identifies a particular 
password and a corresponding resource. 

11. As per claim 5, Kao discloses decrypting the retrieved encrypted password (e.g. Fig. 
5). 

12. The limitation of claim 1 1 , Kao discloses the workstation utilizing Windows NT's ACL 
[0042]. Furthermore, even if, somehow the Windows NT was re-configured without 
a password control, it would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to enforce the password control in order to ensure 
increased security of the system. 

Claim Rejections - 35 USC § 103 

13. Claims 6-7 and 20-21 are rejected under 35 U.S.C. 103(a) as obvious over Kao 
(USPUB 2002/0122553) in view of Mitchell (USPUB 20020120867). 

Kao discloses a system comprising password restricted resources [0032] and 
querying said password registry as discussed above. 

14. Kao does not disclose configuring the resources to query said password registry, 
and, in the absence of an associated encrypted password, querying the user for a 
password and at least one piece of identifying information. 

Mitchell discloses disclose configuring resources to query said password registry, 
and in the absence of an associated encrypted password, querying the user for a 
password and at least one piece of identifying information [0006-0008]. 
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It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to configure resources to query password registry, and in the absence of 
an associated encrypted password, querying the user for a password and at least 
one piece of identifying information. One of ordinary skill in the art would have been 
motivated to perform such a modification in order to alleviate resources from 
creating and maintaining its own registry. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

Blakley III (USPN 7039714), 
Shimada (USPN 5922073). 

Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Peter Poltorak whose telephone number is (571) 
272-3840. The examiner can normally be reached Monday through Thursday from 
9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-381 1 . The fax phone 
number for the organization where this application or proceeding is assigned is 
(571)273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





